Category Archives: Security

Facebook activates ‘Safety Check’ after Orlando massacre

Posted by on 13 June, 2016

This post was originally published on this site

Facebook activated its ‘Safety Check’ tool after the killings at an Orlando nightclub early Sunday, making it the first time the service was used in the U.S.

A gunman opened fire at the nightclub, killing at least 50 people in what President Barack Obama said was being investigated as an “act of terrorism.”

Facebook’s tool, launched in 2014, helps users in the vicinity of a disaster alert family and friends about their safety. The tool asks users determined to be in the affected area if they are safe and they can then notify their friends about their safety with the click of a button. 

Facebook said that over the last few months it has improved the launch process to make the tool easier and quicker to activate, while also testing ways to let users identify and elevate local crises. It has, for example, automated the deployment of the tool so that trained teams across time zones can activate the tool at any time, rather than wait for an engineer to do it.

“Following the community-generated Safety Check activation this morning in Orlando, we have now activated Facebook-initiated Safety Check for a mass shooting at a nightclub there. We hope the people in the area find the tool a helpful way to let their friends and family know they are okay,” a spokeswoman for the social networking company said on Sunday.

Between January and May this year, Facebook activated Safety Check 17 times compared to 11 instances in the previous two years. The recent disasters for which the tool was activated ranged from earthquakes in Ecuador, wildfire in Alberta, Canada, to a cyclone in Bangladesh and flooding and landslides in Sri Lanka.

Facebook has broadened the list of disasters for which it activates Safety Check to include terror attacks, starting with the Paris attacks in November last year. The company decided to use the tool in a terror attack for the first time in Paris after it was observed that “Facebook became a place where people were sharing information and looking to understand the condition of their loved ones,” according to a company post at the time. Before that, the tool was only activated for natural disasters.

Symantec to acquire Blue Coat for $4.65 billion

Posted by on 13 June, 2016

Security company Symantec is to acquire web security provider Blue Coat for $4.65 billion in cash in a deal that will broaden the portfolio of security technologies the combined company can offer customers as they move to the cloud.

The deal, which is expected to be closed by the third quarter, will also see Greg Clark, CEO of Blue Coat, taking over as CEO of Symantec and joining its board at the closing of the transaction. Symantec, well-known for its anti-virus software, has been looking out for a new CEO since April after it was announced that its CEO Michael Brown was stepping down, following poor financial results. Ajei Gopal was appointed as interim president and chief operating officer.

The acquisition will combine Symantec’s threat monitoring capabilities with Blue Coat’s network and cloud security offerings to protect customers across cyber endpoints, email, web, network, and servers, Symantec said late Sunday. It said that its data loss prevention capabilities will be applied at the web proxy and to over 12,000 cloud applications. The combined company, with headquarters in Mountain View, California, will have over 3,000 engineers and researchers, as well as nine Threat Response Centers.

The combined company is expected to have $4.4 billion in revenues in fiscal year 2016, of which 62 percent is to come from enterprise security.

Despite growing concern about security after high-profile security breaches, Symantec has not been able to translate that into a favorable outcome for the company on the financial front. The company reported in May that revenue for the fourth quarter of its fiscal year ended April 1 was $873 million, down 3 percent from a year earlier, while annual revenue fell 9 percent to $3.6 billion.

Symantec plans to finance the transaction using a combination of cash on its balance sheet and $2.8 billion of new debt. Silver Lake, an investor in Symantec, plans to double its investment to $1 billion through acquiring convertible notes of the company. Bain Capital, majority shareholder in Blue Coat, also plans to reinvest $750 million in the combined company through the convertible notes.

Symantec announced in January that it completed the sale of its Veritas information management business to a group of investors. Earlier this month, Blue Coat announced that it had publicly filed a registration statement with the U.S. Securities and Exchange Commission for a proposed initial public offering, a move that will now likely be withdrawn.

Unikernel power comes to Java, Node.js, Go, and Python apps

Posted by on 13 June, 2016

An open source project sponsored by EMC allows applications written in C/C++, Java, Go, Node.js, and now Python to be transformed into unikernels — operating systems that do nothing but run a single, dedicated application.

UniK (pronounced “unique”) is one of several experiments with unikernels to see if their minimal footprint and security profile can work better than containers for some workloads.

UniK promises a simple way for an organization to find out if a unikernel version of a given app runs better than its containerized counterpart. The workload is about the same as would be required to deploy the app as a container.

Written mainly in Go, UniK compiles images that can then be deployed to Virtualbox, VMware vSphere, or Amazon Web Services. Go, C++, Node.js and Python are made part of a runtime that uses the rumprun platform, an existing toolchain for creating unikernel-like software. Java apps are deployed via OSv, a single-application OS that comes with JVM support.

Docker has been interested in bringing its container system and unikernels closer together. Back in January, it acquired Unikernel Systems, hoping to add the company’s toolchain so that deploying unikernels is as easy as compositing a Docker image. UniK uses Docker images for its needed tooling, but it doesn’t yet incorporate Unikernel Systems’ technology — so far, no implementation of a unikernel-centric Docker has been available for public use. 

Another recent project, IncludeOS, has attempted to ease unikernel creation, but not in as broad a manner as UniK. IncludeOS provides a C++ library that gives a program a minimal level of operating system functionality, allowing it to be deployed as a self-contained image that boots on a hypervisor. Again, it’s C++ only, where UniK aims to encompass multiple languages.

10 security TED Talks you can’t miss

Posted by on 11 June, 2016

TED Talk: Governments don’t understand cyber warfare. We need hackers

Speaker: Rodrigo Bijou
Time: 9:28

In this talk, Rodrigo Bijou makes the argument that when it comes to cyberwar, nonstate actors rule the day: activists, criminals, corporations, and others. And as the online world is a proven recruiting ground for terrorists, the surveillance programs run by governments are themselves exploitable. Security analyst Rodrigo Bijou argues that it’s time for governments to end their mass online surveillance and for everyone to step up and secure the internet.

Is Microsoft publishing its own FreeBSD? Yes and no

Posted by on 10 June, 2016

It sounds like another one for the Hell Freezes Over file: Microsoft has released a version of FreeBSD 10.3, an edition of the liberally licensed Unix-like OS.

But as with previous Microsoft dalliances in the world of open source-licensed OSes, this isn’t a case of Microsoft admitting Windows is a technological and philosophical dead end. Instead, it’s another case of Microsoft investing effort in making Azure more appealing as an environment to run such OSes.

Azure-izing FreeBSD

The details are simple: FreeBSD 10.3, the latest production version of the OS, is available as a download-and-go VM image in the Azure Marketplace. This particular image, however, has Microsoft, not FreeBSD Foundation (the organization that supports FreeBSD development) listed as the publisher.

So what’s new about Microsoft’s particular spin of FreeBSD? A post on the Microsoft Azure blog notes that it sports kernel-level improvements to improve network and storage performance, as well as the “Azure VM Guest Agent” that allows FreeBSD to talk to Azure Fabric and vice versa. There have been Linux kernel contributions by Microsoft in this same vein; they were designed to allow Linux to run well on Hyper-V.

A slightly new wrinkle is Microsoft’s non-Azure-centric contributions to FreeBSD. Those changes, according to Microsoft, are being upstreamed back into FreeBSD, “so anyone who downloads a FreeBSD 10.3 image from the FreeBSD Foundation will get those investments from Microsoft built in to the OS.” In other words, the changes in the Microsoft-published, Azure-hosted FreeBSD aren’t an Azure exclusive — all FreeBSD users will benefit in time.

Offering a helping hand

The other question people are likely to ask is why, kernel contributions notwithstanding, is Microsoft listed as the publisher of the distro? The short answer: support.

According to Microsoft’s blog post, the FreeBSD Foundation is a community of mutually supportive users, “not a solution provider or an ISV with a support organization.” The kinds of customers who run FreeBSD on Azure want to have service-level agreements of some kind, and the FreeBSD Foundation isn’t in that line of work.

The upshot is that if you have problems with FreeBSD on Azure, you can pick up the phone and get Microsoft to help out — but only if you’re running its version of FreeBSD.

Another incentive for Microsoft is that FreeBSD is used as the substrate for virtual appliances from a number of name vendors — e.g., Citrix and Gemalto. Microsoft wants those products to run on Azure, too, and has worked closely with their vendors to ensure that. Microsoft is also hinting this is just a prelude to not only more Hyper-V features in FreeBSD, but also more kernel-level performance contributions generally.

Its own spin on things

Microsoft has so far produced only one thing resembling a distribution of an open source OS: Azure Cloud Switch, a Linux distro designed for ASIC hardware to run Microsoft’s network management software. It hasn’t been made available for public use (it was built mainly for Microsoft’s own internal use at Azure), so don’t hold your breath waiting for it to appear on GitHub.

Microsoft’s direct contributions to other operating systems have inevitably revolved around making them more compatible with its own ecosystem. Even the new, Nadella-driven Microsoft, which is far friendlier to open source, isn’t likely to veer far from that course. But if it means an incrementally better FreeBSD for all, it’s hard to complain.

Mozilla’s new fund will prevent the next Heartbleed, Shellshock

Posted by on 10 June, 2016

Open source software is no longer just limited to applications running on computers and servers. It’s used in mobile devices, entertainment systems, medical equipment, and connected cars, to name a few. With open source software used by governments and practically every industry sector, finding and fixing vulnerabilities has moved beyond an “it would be nice” situation solidly into the “we have to do better” camp.

Toward that end, Mozilla launched The Secure Open Source (SOS) Fund to help pay for security auditing, remediation, and verification for open source software projects. As part of the program, Mozilla committed to contracting and paying security firms to audit projects’ code, working with the project maintainers to support and implement fixes, and paying for verifying the remediation work to ensure bugs have been addressed. Mozilla will also work with the maintainers to manage vulnerability disclosure. Mozilla supplied The SOS Fund with $500,000 in initial funding and encouraged other companies and governments to support the program by contributing additional funds.

“We challenge these beneficiaries of open source to pay it forward and help secure the Internet,” Mozilla said.

The discovery of Heartbleed in OpenSSL and Shellshock in Bash showed that open source software wasn’t necessarily more secure than closed source applications. The idea that more eyeballs looking at the code meant vulnerabilities would be found quickly breaks down if everyone assumes someone else is looking. Some of the projects were tremendously popular, creating a situation where many people trusted and relied on code no one had vetted. Many people realized for the first time just how underfunded and undermanned some of these popular projects were, such as the fact that OpenSSL had only two developers on the project and they were both working part-time.

What’s especially concerning is that — more than two years after Heartbleed — there are still widely used open source projects with a single developer or two that don’t have corporate sponsorship and rely on volunteer donations. These projects frequently don’t have the resources or funding to focus on application security basics, such as performing regular testing and remediating the bugs found. Some of the projects can be found in critical applications, networking infrastructure, and services. Vast swaths of the internet rely on open source technologies. As much as 30 percent of deployed software in the Global 2000 is open source, and most modern applications — even commercial closed-source ones — include open source components.

“Adequate support for securing open source software remains an unsolved problem,” Mozilla noted.

Fixing issues in open source software

As part of the Mozilla Open Source Support program, The SOS Fund will cover the costs of the audits themselves and help with coordination and other types of support for various widely used open source libraries and programs. Mozilla has already supported audits for PCRE (Perl Compatible Regular Expressions), a fork of the libjpeg codebase libjpeg-turbo, and the phpMyAdmin web-based admin tool for MySQL databases. The effort uncovered 43 vulnerabilities across the three projects. Mozilla worked with Cure53 for the PCRE and libjpeg-turbo’s audits, and with NCC Group for the phpMyAdmin’s audit.

“The initial results confirm our investment hypothesis, and we’re excited to learn more as we open for [more] applications,” Mozilla said.

The audit found 29 vulnerabilities in PCRE, of which one was rated critical, five as medium, 20 as low, and three as informational. The critical vulnerability was a stack buffer overflow that could have led to arbitrary code execution when compiling untrusted regular expressions, according to the report. All of the issues, except a low severity bug, have been fixed in PCRE 10.21.

The libjpeg library, which is used by several well-known open source projects such as Chrome, LibreOffice, Firefox, and other flavors of VNC, contained five vulnerabilities. One was rated as high severity, two as medium, and two as low. The high severity flaw was an out-of-bounds read that may not be exploitable. The two medium severity flaws were originally flagged as denial-of-service issues, but turned out to be issues with the JPEG standard, and affect multiple JPEG implementations. The issues “can be triggered by entirely legal JPEGs, and so are not easy to mitigate in any JPEG library itself,” according to the audit report, which contains suggestions as to how applications using JPEG can mitigate them in their own code. Other than the issues in the JPEG standard, all of the bugs have been fixed in libjpeg-turbo stable version 1.5.

Finally, phpMyAdmin had nine different flaws, with three medium severity flaws, five low, and one informational. Two of the issues have been partially fixed and the remaining seven have been fixed in phpMyAdmin 4.6.2.

Project maintainers can apply for support or get more information from the Mozilla Open Source Support program page.

Supporting open source software security

Mozilla is not saying this initiative alone will fix the application security problem for open source. Security is a multi-step process that requires increased investments in areas such as education and best practices. The SOS Fund will provide needed short term benefits and industry momentum to help strengthen open source projects, Mozilla said.

The SOS Fund is intended to be complementary to the Linux Foundation’s Core Infrastructure Initiative, said Chris Riley, head of public policy at Mozilla. CII focuses on deeper investments into open source software that is used in critical applications, such as supporting infrastructure costs, development efforts, and governance. The SOS Fund’s audits and remediation work aids open source software projects in the ecosystem with “lower-hanging fruit security needs,” he said.

“To have substantial and lasting benefit, we need a broad range of solutions, including audits, education, best practices, and a host of others,” Riley said.

As WhiteHat Security’s Setu Kulkarni noted, The SOS Fund is a “step in the right direction,” but it’s not a stand-alone process. Security data needs to be incorporated into a risk-based application security program.

No one expects software applications to be free of vulnerabilities. But there’s a big difference between looking for and fixing obvious flaws before going to production, and just shipping with known flaws because it would take too much time to try to fix. Since software can’t be bug-free, it’s only reasonable that software be regularly updated so that vulnerabilities can be fixed.

While it’s possible to look for and fix vulnerabilities internally within the team, audits help teams tap into security expertise outside the project to help find issues. Veracode’s latest State of Software Security Report found that most applications submitted for software assessment have less than a 45 percent pass rate, and that nearly three out of four applications produced by third-party software vendors and software-as-a-service suppliers fail the OWASP Top 10 when initially assessed.

“We all rely on open source software,” Mozilla said in the blog post. “We hope this is only the beginning.”

New Mozilla fund will pay for security audits of open-source code

Posted by on 10 June, 2016

A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of critical security bugs like Heartbleed and Shellshock in key pieces of the software.

Mozilla has set up a $500,000 initial fund that will be used for paying professional security firms to audit project code. The foundation will also work with the people maintaining the project to support and implement fixes and manage disclosures, while also paying for the verification of the remediation to ensure that identified bugs have been fixed.

The initial fund will cover audits of some widely-used open source libraries and programs.

The move is a recognition of the growing use of open-source software for critical applications and services by businesses, government and educational institutions. “From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world. Indeed, much of the Internet — including the network infrastructure that supports it — runs using open source technologies,” wrote Chris Riley, Mozilla’s head of public policy, in a blog post Thursday.

Mozilla is hoping that the companies and governments that use open source will join it and provide additional funding for the project.

In a trial of the SOS program on three pieces of open-source software, Mozilla said it found and fixed 43 bugs, including a critical vulnerability and two issues in connection with a widely used image file format. “These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications,” Riley wrote.

The SOS fund “fills a critical gap in cybersecurity by creating incentives to find the bugs in open source and letting people fix them,” said James A. Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies, in a statement.

Paying people to find bugs in software, sometimes in the form of challenges, has become common practice, with many companies including Google having bug bounty programs.

The Linux Foundation has a Core Infrastructure Initiative that also aims to secure key open-source projects, in collaboration with technology companies like Amazon Web Services, Cisco, Google, and Facebook. The CII, set up in April 2014, was a response to the Heartbleed bug.

Describing the CII as focused on “necessary, deeper-dive investments into the core OS security infrastructure, like in OpenSSL,” Mozilla said the role of SOS is complementary as it targets “a different class of OSS projects with lower-hanging fruit security needs.”

The SOS is part of a larger program, called Mozilla Open Source Support, launched by Mozilla in October last year to support open source and free software development. MOSS has an annual budget of about $3 million.

To qualify for SOS funding, the software must be open source or free software, with the appropriate licenses and approvals, and must be actively maintained. Some of the other factors that will be considered are whether a project is already corporate backed, how commonly the software is used, whether it is network-facing or regularly processes untrusted data, and its importance to the continued functioning of the Internet or the Web.

Gosling rallies against Oracle for Java EE neglect

Posted by on 10 June, 2016

Oracle’s stewardship of Java is under fire — again.

This time, the company’s development of Java EE (Enterprise Edition) has become a sore spot for devotees of the platform, including Java creator James Gosling and a former Java evangelist who left Oracle in March.

Called Java EE Guardians, the group launched a petition about the matter on change.org on Thursday, said Reza Rahman, former EE evangelist at Oracle and a leader of Java Guardians. Gosling’s name sits at the top of the membership page. The petition asks where Oracle stands on the planned Java EE 8 release, requests that the company maintain its commitment to the release, and claims that if Oracle is unwilling to do the work on Java EE, it should cede control to others, such as IBM or Red Hat.

While professing to lack insight into what’s going on inside Oracle, Gosling said Thursday that the “tidbits” he has heard were “pretty disturbing.” He left Oracle not long after the company acquired original Java owner Sun Microsystems in 2010, under acrimonious terms. “It’s not so much that Oracle is backing off on EE, but that it’s backing off on cooperating with the community,” Gosling said. “Taking it ‘proprietary’, going for the ‘roach motel’ model of non-standard standards — ‘customers check in, but they don’t check out.’”

The Java EE Guardians website emphasizes concerns about commitment. “Our purpose is advocacy, raising awareness, finding solutions, collaboration and mutual support. We believe that together — including Oracle — we can prove that this is the dawn of a new era for an ever brighter future for Java, Java EE, and server-side computing.”

Oracle was accused of de-emphasizing Java last year after it dismissed or reassigned evangelists, thereby raising questions about its commitment to the platform’s openness. Still, the company shortly thereafter held its annual JavaOne conference devoted to Java.

Another participant in Java Guardians, blogger Peter Pilgrim, describes Java EE 8 as being “in crisis.” There is an unease about the future, he said, though he admitted he doesn’t know if Oracle in fact has backed off its commitment to Java EE because the company has been silent. “Oracle has not made any public announcement about the Java EE reduction of commits and progress,” he noted.

Java Guardians emphasizes the importance of Java EE, pointing out that hundreds of thousands of applications have been written with it and that many frameworks depend on it.

Version 8, which will emphasize cloud capabilities as well as HTML5 and HTTP 2.0, is due in the first half of 2017, but Rahman questions this timeline. He describes work on Java EE 8 as “lackluster from the start,” with activity having been stopped, and he describes the open source GlassFish application server, which has been the reference implementation of Java EE, as “very much a dead project.” He acknowledged GlassFish has competed with Oracle’s own commercially available Java application servers.

Rahman said he left Oracle after questioning the company’s commitment to Java EE himself, wondering, “How could I be evangelizing a platform that Oracle is clearly not investing in?” He now works as a consultant at Captech Consulting. Asked if Oracle wants the community to take over development of Java EE, Rahman responded, “It’s impossible to determine what Oracle wants because they have not even acknowledged yet that there is a problem.” Specification leads from Oracle, who are in charge of improvements planned for enterprise Java, have not been responsive to input, according to Rahman.

Leaving Oracle, Rahman said, gave him the bandwidth to do what needed to be done as far as promoting development of Java EE. The platform, he stressed, is fundamental because of its execution on servers. “Most work happens on servers, even with microservices, even on the cloud.” One benefit of the current situation around enterprise Java is that it could result in less control over Java EE by the steward in charge, which now is Oracle. “Oracle and Sun have always had an unhealthy amount of influence.”

Oracle could not be reached for comment Thursday on the efforts of Java EE Guardians.

Basic income: Silicon Valley resolves to disrupt poverty

Posted by on 10 June, 2016

This post was originally published on this site

An interesting development has arisen: Universal basic income has become the darling of Silicon Valley. But before you get up and dance to “Money for Nothing,” brush up on what Greek mythology has to say about Trojans who wheel gift horses into the city.

Technologists — from Tim O’Reilly to venture capitalist Albert Wenger to authors and entrepreneurs such as Peter Diamandis and Martin Ford — suddenly seem eager for government to hand out cash to us ordinary folks. Some, such as Sam Altman, are even putting their money where their mouth is. The president of startup incubator Y Combinator is funding a five-year study in Oakland on the effects of giving people enough money to live on, no strings attached.

What gives? When Silicon Valley leaders speak out, “it is usually to disparage the homeless, celebrate colonialism, or complain about the hapless city regulators who are out to strangle the fragile artisans who gave us Uber and Airbnb,” as The Guardian wrote.

Basic income bromance

In the ’60s and ’70s, when this country was caught up in a War on Poverty, basic income was an idea that had the support of people ranging from economist and libertarian hero Milton Friedman to Martin Luther King Jr. to Richard Nixon. Now the idea is undergoing a revival — and not only in Finland, the Netherlands, and Canada, which are all implementing experiments with basic income.

Silicon Valley’s embrace of the concept seems at first blush to be fueled by a belief that technology — specifically breakthroughs in automation, AI, and machine learning — could soon make people as obsolete as workhorses. In such a future, basic income will be necessary to stave off a Luddite uprising.

“Don’t destroy the robots,” says Professor Jeffrey D. Sachs of Columbia University. “But recognize that not everybody would be better off as a result of market forces. With redistribution everybody could be made better off.”

Of course, not all experts are convinced of humanity’s impending redundancy. According to the New York Times, for every analysis forecasting that half of all jobs in the United States will be replaced by new technology there are others finding no such evidence.

What can’t be denied is the widening gap between rich and poor in the United States. Tech’s supporters of basic income often point to this growing gap as proof that accelerating technology creates inequality. According to this theory, The Guardian says, capitalism is meritocratic and technology enriches “those exceptional few who are smart enough to perform tasks that are too complex or creative to automate, while impoverishing the rest.” 

But if technology really is to blame for this growing gap, why has wage growth stagnated for pretty much all workers — Wall Street excluded? People in IT earn about as much today in inflation-adjusted dollars as they did in the late 1990s.

Good cop or bad cop?

Inequality isn’t the inevitable by-product of technology, The Guardian argues. If it were, other industrialized countries would have levels of inequality comparable to the United States — which they don’t. Instead, Silicon Valley’s embrace of basic income is “the Trojan horse that would allow tech companies to position themselves as progressive, even caring — the good cop to Wall Street’s bad cop” when what’s probably needed is a transformation of the tax code.

Don’t fool yourself: Tech investors don’t expect to pony up and fund these basic income payouts. Heck, many are pioneers of tax avoidance schemes to avoid paying any taxes at all.

Nor do they propose putting an end to their gold rush on personal data. We are all currently giving away our data for free to tech giants. Telecom data alone is currently worth $24 billion per year, on its way to $79 billion in 2020, according to estimates by 451 Research.

What if instead of asking the needy to foot the bill, through the elimination of government programs like public housing, food stamps, and Medicaid — as Libertarians and conservatives propose — the basic income was structured like a dividend from tech companies for our “natural resources,” like Alaska does with its oil taxes and profits?

Spread the wealth

If Silicon Valley really wants to take steps toward the introduction of basic income, “why not make us, the users, the owners of our own data?” proposes Evgeny Morozov, author of “The Net Delusion: The Dark Side of Internet Freedom.” “Think of a mechanism whereby … data that now accrues almost exclusively to the big tech firms, would compensate citizens for their data with some kind of basic income, that might be either direct (cash) or indirect (free services such as transportation).”

This will never happen, Morozov says, “because data is the very asset that makes Silicon Valley impossible to disrupt — and it knows it …. Somehow our tech elites want us to believe that governments will scrape enough cash together to make it happen. Who will pay for it, though? Clearly, it won’t be the radical moguls of Silicon Valley: They prefer to park their cash offshore.”

The tech industry has fed on a steady stream of public goods ever since the U.S. military funded Silicon Valley into existence, The Guardian says. “Those goods might be government research, mined for profitable inventions, or the contents of your Gmail inbox and Facebook feed, mined for advertising revenue. What matters is they’re free, and they’re free because we give them away. If the robots ever arrive, their arrival will be bankrolled by our taxes, our attention, our data.”

Ben Tarnoff calls a basic income policy under these circumstances “the crumbs left by the bully who steals your sandwich.” It seems there really is no free lunch.





Copyright 2015 - InnovatePC - All Rights Reserved
